For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of them, it's your lucky day!
Debugging failed HTTP Modules
There's nothing more upsetting than not getting a Meterpreter session due to the misconfiguration of module options. I have found that the quickest way to sanity-check failed HTTP Modules is to set the HTTPTrace option to true before running your module:
set HTTPTrace true
This will enable the logging of raw HTTP requests and responses:
msf6 > use scanner/http/title
msf6 auxiliary(scanner/http/title) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(scanner/http/title) > set HttpTrace true
HttpTrace => true
msf6 auxiliary(scanner/http/title) > run
####################
# Request:
####################
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
####################
# Response:
####################
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/2.7.16
Date: Wed, 16 Dec 2020 01:16:32 GMT
Content-type: text/html; charset=utf-8
Content-Length: 178
Directory listing for /
Directory listing for /
[+] [127.0.0.1:80] [C:200] [R:] [S:SimpleHTTP/0.6 Python/2.7.16] Directory listing for /
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/http/title) >
This is a great way to quickly see why your modules have failed. ..
Support the originator by clicking the read the rest link below.